Keeping up with the monumental changes in healthcare while trying to improve efficiencies and reduce costs may seem like an impossible task. That's where GHX Assessment Services come in. Our experts will assess your supply chain and build a design plan that supports your strategic goals to improve margins. You'll be poised to implement products and technology that help optimize the value of your supply chain while lowering project costs and risks.

Automating your invoicing process is an important part of the AP optimization equation, but technology alone won’t solve your business problem. Turn to GHX AP Optimization Services to help you achieve hard-dollar savings and reduce labor requirements by transforming your accounts payable function. Say goodbye to the days of paper-based processes plagued with errors and inefficiencies and hello to a well-tuned, efficient and highly automated operation.

To make your investment in e-commerce worthwhile, you need to reach the volume of transactions required to truly realize the benefits you expect—and need. Start seeing the results you’re looking for with GHX e-Commerce Acceleration Services. We’ll help you send up to 90 percent of your transaction volume through GHX in as little as 90 days for significant cost and labor savings.

Building a Culture of Compliance

The second phase of OCR audits is not the permanent program but we have learned somethings so far

Managing business associate (BA) relationships in this era of change takes an ongoing approach. In fact, building a culture of compliance is the only way to make iterative improvements. So, does your organization demonstrate a culture of compliance through daily actions? Do you know the areas where the Office for Civil Rights (OCR) is putting the most emphasis? Does your organization understand the current definition of a business associate in the eyes of the OCR?

With phase two of OCR audits in progress, this is still just leading up to a permanent program but we can gain valuable insight from what has transpired so far to get a sense of the direction going forward. For instance, we see the OCR investigating smaller breaches and recent settlements have centered around lack of business associate agreements (BAAs) with increased focus on intercompany/subsidiary relationships, not just third-party relationships. Smaller breaches have led to the discovery of bigger issues and subsidiary relationships are just as accountable to privacy as third-parties.

In the Summit Series webinar hosted by GHX, Business Associate Management: Risks and Impacts to Providers, Joseph Dickinson Counsel at Tucker Ellis LLP and former Chief Privacy and Chief Information Security Officer at MetroHealth System speaks with Jackie McGuinn of GHX about building a culture of compliance and shares actionable strategies based on experience. For instance, a written policy is of little value without demonstrated (and documented) action backing it up and the best place to start is the top. Culture is built from the top down meaning that every level of the organization participates in the program, including leadership and the C-suite.

When it comes to identifying business associates, Joe relates from personal experience that objectivity is crucial. There are many relationships within a large hospital and many are long-standing, so while the nature of the service that a vendor provides may not change, systems and processes within your organization may change in a way that allows access to electronic personal health information (ePHI) incidentally for that vendor, therefore impacting its status as a business associate. This development may not be obvious to the individual or team that initiated the vendor relationship. Key to addressing ongoing review of vendors was a decision to move the checklist for BA status away from supply chain to a HIPAA compliance team. Additionally more supportive of ongoing review for BA status — establishing a partnership with vendors for continuing compliance education, building into your program a process for a free flow of information and routine communication.

Further discussion covered in the webinar recording include risk analysis and developing a corrective action plan, outdated business associate agreements, identifying BAs at onboarding and collecting information in preparation for an OCR audit.

You can also hear more from Joe Dickinson at the 2017 Supply Chain Summit. Best Practices in Vendor and Business Associate Risk Management is the breakout session topic where Joe will participate in a panel discussion along with Dawn Lambert of IASIS and Ed Lewis of Texas Children’s Hospital. The panel will share operational and best practices on developing and executing a business associate framework to reduce risk and improve compliance.